How to edit my configurations to use Heavy Forwarder to filter and route data to another Splunk setup?

0

Hi,

I'm trying to use Heavy Forwarders (HF) to route and filter data to another Splunk setup outside of mine. My goal is to send only sourcetype=log4net matching a REGEX (let's say ClientName). I managed to do this, but the client requested that I also change the index I send to, which totally messed up my solution.

Trying to make it short: index=main sourcetype=log4net with ClientName should be routed to the client, index=main sourcetype=iis whatever should not. Any help is deeply appreciated!
